Is SPF widely used? I tested a couple of spam messages against the dnsstuff.com SPF link from this article. The spammer was sending from a domain that doesn't have an SPF record so the message would have passed. Can spammers bypass this filter by simply using domains that do not have SPF records?